Some are quick to promote apps as being safe for your use just because they are encrypted. I will talk about how many of the popular apps that are commonly t...
Sure, but other messengers that do not use phone-numbers do not leak this info. And as long as Signal is used by a certain minority it is a risky metadata leak.
And you can turn this in any way you want, but using phone-numbers as the public identifier is a really bad idea and disqualifies Signal for most privacy sensitive communication. Even if everyone was using Signal it would be still a bad idea to hand out your phone number and have it visible in group-chats.
We are not comparing Signal with “messengers that do not use phone-numbers”. We are comparing it to messengers in the level of Telegram and Whatsapp, because the point was that placing it all on the same level isn’t accurate or fair. Reality isn’t Black&White.
Signal is definitely flawed, but I’d much rather have people asking me to communicate via Signal than through Telegram/Whatsapp as they usually do.
Because “slightly less” is a subjective measure that’s relative to how pedantic we want to get.
Even XMPP is a “slightly less” bad option, in the sense that you are still targetable when using a sufficiently advanced method, and you are still not free of risk. Even hosting your own instance you give away the IP, if you don’t host it then you do have to trust the host to keep the metadata safe.
So? We are talking about the risk of using your phone number as the public identifier. So any service that doesn’t use phone numbers at all is by definition in a completely different league then one that does.
I am not talking about some hypothetical extreme privacy considerations, but the very real problem of using phone numbers and the huge number of issues associated with that.
I thought we were talking about security and privacy in general, applied to messaging platforms.
If you want to talk exclusively about phone numbers then it’s obvious that if a messaging system doesn’t use phone numbers there’s no risk that metadata related to phone number is the one that’ll get leaked.
Whether you want to make them be “a completelly different league” based on that distinction alone is an arbitrary separation. By that logic unencrypted email would be in the same league as XMPP.
Sure, but other messengers that do not use phone-numbers do not leak this info. And as long as Signal is used by a certain minority it is a risky metadata leak.
And you can turn this in any way you want, but using phone-numbers as the public identifier is a really bad idea and disqualifies Signal for most privacy sensitive communication. Even if everyone was using Signal it would be still a bad idea to hand out your phone number and have it visible in group-chats.
And yet Telegram and Whatsapp do that and more.
We are not comparing Signal with “messengers that do not use phone-numbers”. We are comparing it to messengers in the level of Telegram and Whatsapp, because the point was that placing it all on the same level isn’t accurate or fair. Reality isn’t Black&White.
Signal is definitely flawed, but I’d much rather have people asking me to communicate via Signal than through Telegram/Whatsapp as they usually do.
Why? That is like saying lets only compare really bad options with slightly less bad options.
Threema for example does not require phone numbers and there are also good XMPP based messengers.
Because “slightly less” is a subjective measure that’s relative to how pedantic we want to get.
Even XMPP is a “slightly less” bad option, in the sense that you are still targetable when using a sufficiently advanced method, and you are still not free of risk. Even hosting your own instance you give away the IP, if you don’t host it then you do have to trust the host to keep the metadata safe.
So? We are talking about the risk of using your phone number as the public identifier. So any service that doesn’t use phone numbers at all is by definition in a completely different league then one that does.
I am not talking about some hypothetical extreme privacy considerations, but the very real problem of using phone numbers and the huge number of issues associated with that.
I thought we were talking about security and privacy in general, applied to messaging platforms.
If you want to talk exclusively about phone numbers then it’s obvious that if a messaging system doesn’t use phone numbers there’s no risk that metadata related to phone number is the one that’ll get leaked.
Whether you want to make them be “a completelly different league” based on that distinction alone is an arbitrary separation. By that logic unencrypted email would be in the same league as XMPP.
XMPP is fully end 2 end encrypted these days.
“So? We are talking about the risk of using your phone number as the public identifier.”
yeah, but don’t compare xmpp to unencrypted email.